{ "info": { "author": "Terri Oda", "author_email": "terri.oda@intel.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy" ], "description": "CVE Binary Tool\n===============\n\n[![Build Status](https://travis-ci.org/intel/cve-bin-tool.svg?branch=master)](https://travis-ci.org/intel/cve-bin-tool)\n[![codecov](https://codecov.io/gh/intel/cve-bin-tool/branch/master/graph/badge.svg)](https://codecov.io/gh/intel/cve-bin-tool)\n[![Gitter](https://badges.gitter.im/cve-bin-tool/community.svg)](https://gitter.im/cve-bin-tool/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)\n\n\nThe CVE Binary Tool scans for a number of common, vulnerable open source\ncomponents (openssl, libpng, libxml2, expat and a few others) to let you know\nif a given directory or binary file includes common libraries with known\nvulnerabilities.\n\nUsage:\n`cve-bin-tool `\n\nYou can also do `python -m cve_bin_tool.cli ` which is useful if you're trying the latest code from [the cve-bin-tool github](https://github.com/intel/cve-bin-tool/compare).\n\n\n```\n -h, --help show help message and exit\n\n\n Output options:\n -v, --verbose details on found issues as script runs\n -q, --quiet suppress output\n -l {debug,info,warning,error,critical}, --log {debug,info,warning,error,critical}\n log level\n\n Functional options:\n -x, --extract 
autoextract compressed files\n -s SKIPS, --skips SKIPS\n comma-separated list of checkers to disable\n -m, --multithread enable multithread\n -u {now,daily,never}, --update {now,daily,never}\n update schedule for NVD database. Default is daily.\n```\n\nThis release may be the last one to support python 2.7; please switch to python 3.\n\nThis readme is intended to be a quickstart guide for using the tool. If you\nrequire more information, there is also a [user manual](MANUAL.md) available.\n\nHow it works\n------------\n\nThis scanner looks at the strings found in binary files to see if they\nmatch certain vulnerable versions of the following libraries and tools:\n\n* curl\n* expat\n* icu\n* kerberos\n* libgcrypt\n* libjpeg\n* libnss\n* libpng\n* libtiff\n* node.js\n* openssl\n* sqlite\n* systemd\n* xerces\n* xml2\n* zlib\n\nAll the checkers can be found in the checkers directory, as can the\n[instructions on how to add a new checker](cve_bin_tool/checkers/README.md).\nSupport for new checkers can be requested via\n[GitHub issues](https://github.com/intel/cve-bin-tool/issues).\n\nLimitations\n-----------\n\nThis scanner does not attempt to exploit issues or examine the code in greater\ndetail; it only looks for library signatures and version numbers. As such, it\ncannot tell if someone has backported fixes to a vulnerable version, and it\nwill not work if library or version information was intentionally obfuscated.\n\nThis tool is meant to be used as a quick-to-run, easily-automatable check in a\nnon-malicious environment so that developers can be made aware of old libraries\nwith security issues that have been compiled into their binaries.\n\nRequirements\n------------\n\nTo use the auto-extractor, you may need the following utilities depending on the\ntype of file you need to extract. 
The following are required to run the full\ntest suite on Linux:\n\n* `ar`\n* `cabextract`\n* `cpio`\n* `rpm2cpio`\n\nMost of these are installed by default on many Linux systems, but `cabextract` and\n`rpm2cpio` in particular might need to be installed.\n\nOn Windows systems, you may need:\n\n* `ar`\n* `7z`\n* `Expand`\n\nWindows has `ar` and `Expand` installed by default, but `7z` in particular might need to be installed. (7z is used only for rpm extraction, which is used heavily in our test suite, but if you're not scanning rpm files on Windows you may be able to do without.)\n\nCSV2CVE\n-------\n\nThe CVE Binary Tool package also includes a tool called `csv2cve` which is a helper tool that allows you to search the local database for a list of known packages. This can be useful if the list of packages is known.\n\nUsage:\n`csv2cve `\n\nThe CSV file must contain the following columns: `vendor,package,version` where the vendor and package names are exact matches to the strings in the National Vulnerability Database. You can read more about how to find the correct string in [the checker documentation](https://github.com/intel/cve-bin-tool/blob/master/cve_bin_tool/checkers/README.md), and the [csv2cve manual](https://github.com/intel/cve-bin-tool/blob/master/CSV2CVE.md) has more information on using this tool.\n\nFeedback & Contributions\n------------------------\n\nBugs and feature requests can be made via [GitHub\nissues](https://github.com/intel/cve-bin-tool). 
Be aware that these issues are\nnot private, so take care when providing output to make sure you are not\ndisclosing security issues in other products.\n\nPull requests are also welcome via git.\n\nThe CVE Binary Tool uses [the Black python code\nformatter](https://github.com/python/black) to keep coding style consistent;\nyou may wish to have it installed to make pull requests easier.\n\nSecurity Issues\n---------------\n\nSecurity issues with the tool itself can be reported to Intel's security\nincident response team via\n[https://intel.com/security](https://intel.com/security).\n\nIf in the course of using this tool you discover a security issue with someone\nelse's code, please disclose responsibly to the appropriate party.", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/intel/cve-bin-tool", "keywords": "security,tools,CVE", "license": "GPLv3", "maintainer": "Terri Oda", "maintainer_email": "terri.oda@intel.com", "name": "cve-bin-tool", "package_url": "https://pypi.org/project/cve-bin-tool/", "platform": "", "project_url": "https://pypi.org/project/cve-bin-tool/", "project_urls": { "Homepage": "https://github.com/intel/cve-bin-tool" }, "release_url": "https://pypi.org/project/cve-bin-tool/0.3.0/", "requires_dist": null, "requires_python": "", "summary": "CVE Binary Checker Tool", "version": "0.3.0" }, "last_serial": 5673147, "releases": { "0.2.0": [ { "comment_text": "", "digests": { "md5": "c229dd10b4885f6adb6df3b9e2126548", "sha256": "3dd73f7938f2dd8feba6aaf95a48e6e778d5777a94697567e2964a1bccb42cc4" }, "downloads": -1, "filename": "cve-bin-tool-0.2.0.tar.gz", "has_sig": false, "md5_digest": "c229dd10b4885f6adb6df3b9e2126548", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21292, "upload_time": "2019-01-19T02:33:32", "url": 
"https://files.pythonhosted.org/packages/68/4f/6d6534c081f4dd68a6d1487e603853d94b2ddc93f6b6ad5d20b40aea2873/cve-bin-tool-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "61aac2e1c2b8549412cfea24f902a786", "sha256": "6b7a7fa0bf142af30acbedcfe6e026b003214207ba3932fd5cefdd923ba04ce0" }, "downloads": -1, "filename": "cve-bin-tool-0.3.0.tar.gz", "has_sig": false, "md5_digest": "61aac2e1c2b8549412cfea24f902a786", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59732, "upload_time": "2019-08-13T18:55:25", "url": "https://files.pythonhosted.org/packages/92/9f/8f7f7233aa1c5a367303ff036ddf5e12ea95f1af7789e24056af6bc161e8/cve-bin-tool-0.3.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "61aac2e1c2b8549412cfea24f902a786", "sha256": "6b7a7fa0bf142af30acbedcfe6e026b003214207ba3932fd5cefdd923ba04ce0" }, "downloads": -1, "filename": "cve-bin-tool-0.3.0.tar.gz", "has_sig": false, "md5_digest": "61aac2e1c2b8549412cfea24f902a786", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59732, "upload_time": "2019-08-13T18:55:25", "url": "https://files.pythonhosted.org/packages/92/9f/8f7f7233aa1c5a367303ff036ddf5e12ea95f1af7789e24056af6bc161e8/cve-bin-tool-0.3.0.tar.gz" } ] }